Index

Sponsor

Saturday, 14 November 2015

ESET Uncovers Compromise of Ammyy’s Remote Desktop Software Website

ESET has uncovered several examples of malware being distributed via a strategic web compromise. In late October and early November this year, visitors to ammyy.com were offered a bundle containing not only the company’s legitimate Remote Desktop Software, Ammyy Admin, but also malware.

ESET researchers noticed in late October that, for about a week, visitors to ammyy.com were downloading an installer that contained malware along with the Ammyy product. While Ammyy Admin is legitimate software, it has a long history of being used by fraudsters and several security products, such as ESET's, detect it as a Potentially Unsafe Application.

Similarly, Download.com, a major download site, doesn’t provide a direct-download link to Ammyy software to users, instead listing the Ammyy Admin page for information purposes only. However, Ammyy Admin is still widely used: Ammyy’s website lists clients that include TOP500 Fortune companies as well as Russian banks.

According to the ESET investigation, five different malware families were distributed through Ammyy’s website during the recent incident. The first malware, the Lurk downloader, was distributed on October 26. Next was Corebot on October 29, then Buhtrap on October 30, and finally Ranbyus and Netwire RAT on November 2. Although these families are not linked, the droppers that could potentially have been downloaded from Ammyy’s website were the same in every case. Thus it is quite possible that the cybercriminals responsible for the website hack sold the access to different groups.

Of the malware distributed via Ammyy’s website, of particular interest is the install package used inOperation Buhtrap.

“The fact that cybercriminals now use strategic web compromises is another sign of the gap closing between techniques used by cybercriminals and by actors behind so called Advanced Persistent Threats,” said Jean-Ian Boutin, Malware Researcher at ESET.

Read more about this strategic web compromise and its connection with the Operation Buhtrap onESET Ireland’s blog.

Blog Archive

Cyberia Ireland

Cyber Security for Ireland

Search This Blog

Translate this blog

Welcome to Silicon Ireland

We are a nominated Daily Irish Tech blog started in 2008, We focus on Irish Tech news, SME's ,we love Irish start-ups,we love looking at new ideas & we love to feature all that is great in the Irish Tech community.

Silicon Ireland Menu

V Blog Awards 2017

Irish Blog Awards Short List 2016

Nominated Tech Blog

E Blog 14

Nominations

Shorty Award Nominated 12

Best Business Twitter Account

Social Media Awards 2011

Nominated Irish Blog Awards 2011

Tech Blog Shortlist 2010

An OConnor Media Site

The opinions, beliefs and viewpoints expressed by the various authors, employees and guest writers on this web site do not necessarily reflect the opinions, beliefs and viewpoints of Silicon Ireland News.